Hello,
I'm attaching a patch against current adding a new libc and
kernel function: consttime_memcmp(3). The code is borrowed
from OpenBSD timingsafe_memcmp(3) [1].
consttime_memcmp(3) is similar to memcmp(3) with timing safe layer.
For details please see below at the preprocessed man-page.
The patch is modeled after consttime_memequal(3).
Please review and import into .Nx 8.
CONSTTIME_MEMCMP(3) Library Functions Manual CONSTTIME_MEMCMP(3)
NAME
consttime_memcmp -- compare byte strings without timing leaks
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <string.h>
int
consttime_memcmp(void *b1, void *b2, size_t len);
DESCRIPTION
The consttime_memcmp() function compares byte string b1 against byte
string b2. Both strings are assumed to be len bytes long.
The time taken by consttime_memcmp() depends on len, but not on the data
at b1 or b2. Thus, consttime_memcmp() is appropriate for comparing
cryptographic secrets, hashes, message authentication codes, etc.,
without leaking information about them through a timing side channel. In
crypto literature, consttime_memcmp() is said to take `constant time',
meaning time that does not vary depending on the data it processes.
Note that unlike consttime_memequal(3), consttime_memcmp() returns a
lexicographic ordering on the data at b1 and b2.
RETURN VALUES
The consttime_memcmp() function returns an integer greater than, equal
to, or less than 0, according to whether the string b1 is greater than,
equal to, or less than the string b2. The comparison is done using
unsigned characters, so that `\200' is greater than `\0'. Zero-length
strings are always identical.
SEE ALSO
consttime_memequal(3), explicit_memset(3), memcmp(3)
HISTORY
The timingsafe_memcmp() function appeared in OpenBSD 5.6 and was imported
under the new name consttime_memcmp() into NetBSD 8.0.
NetBSD 7.99.1 March 15, 2015 NetBSD 7.99.1
References:
[1] http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/timingsafe_memcmp.3Attachment:
patch-consttime_memcmp
Description: Binary data